mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-18 22:08:20 +01:00
Code Issues Projects Releases Wiki Activity

MDL-65536 mod_lti: OpenSSL configuration

Browse Source 
LTI 1.3 requires working openssl functions to generate a private
key used for the JWT. Some installs (e.g. windows) can have the
functions available - but require configuration in php before they
actually do anything.
This commit is contained in:
Damyon Wiese 2019-05-10 10:01:56 +08:00 committed by Jake Dallimore
parent 63dd2951bb
commit db0ccfa922
6 changed files with 108 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
mod/lti/db/install.php
View File

@ -28,15 +28,13 @@ defined('MOODLE_INTERNAL') || die();
* Stub for database installation.
*/
function xmldb_lti_install() {
global $CFG, $OUTPUT;
// Create the private key.
$kid = bin2hex(openssl_random_pseudo_bytes(10));
set_config('kid', $kid, 'mod_lti');
$config = array(
"digest_alg" => "sha256",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
);
$res = openssl_pkey_new($config);
openssl_pkey_export($res, $privatekey);
set_config('privatekey', $privatekey, 'mod_lti');
require_once($CFG->dirroot . '/mod/lti/upgradelib.php');
$warning = mod_lti_verify_private_key();
if (!empty($warning)) {
echo $OUTPUT->notification($warning, 'notifyproblem');
}
}

19
mod/lti/db/upgrade.php
View File

@ -59,7 +59,7 @@
* @return boolean
*/
function xmldb_lti_upgrade($oldversion) {
global $CFG, $DB;
global $CFG, $DB, $OUTPUT;
$dbman = $DB->get_manager();
@ -157,17 +157,12 @@ function xmldb_lti_upgrade($oldversion) {
$dbman->add_index($table, $index);
}
// Create the private key.
$kid = bin2hex(openssl_random_pseudo_bytes(10));
set_config('kid', $kid, 'mod_lti');
$config = array(
"digest_alg" => "sha256",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
);
$res = openssl_pkey_new($config);
openssl_pkey_export($res, $privatekey);
set_config('privatekey', $privatekey, 'mod_lti');
require_once($CFG->dirroot . '/mod/lti/upgradelib.php');
$warning = mod_lti_verify_private_key();
if (!empty($warning)) {
echo $OUTPUT->notification($warning, 'notifyproblem');
}
// Lti savepoint reached.
upgrade_mod_savepoint(true, 2019031300, 'lti');

24
mod/lti/edit_form.php
View File

@ -339,4 +339,28 @@ class mod_lti_edit_types_form extends moodleform {
$service->get_configuration_options($mform);
}
}
/**
* Validate the form data before we allow them to save the tool type.
*
* @param array $data
* @param array $files
* @return array Error messages
*/
public function validation($data, $files) {
global $CFG;
$errors = parent::validation($data, $files);
if ($data['lti_ltiversion'] == LTI_VERSION_1P3) {
require_once($CFG->dirroot . '/mod/lti/upgradelib.php');
$warning = mod_lti_verify_private_key();
if (!empty($warning)) {
$errors['lti_ltiversion'] = $warning;
return $errors;
}
}
return $errors;
}
}

7
mod/lti/instructor_edit_tool_type.php
View File

@ -121,8 +121,13 @@ EOF;
window.opener.M.mod_lti.editor.addToolType({$json});
EOF;
}
echo html_writer::script($script . $closewindow);
} else if ($form->is_cancelled()) {
echo html_writer::script($closewindow);
} else {
echo $OUTPUT->heading(get_string('toolsetup', 'lti'));
$form->display();
}
echo html_writer::script($script . $closewindow);
}
echo $OUTPUT->footer();

1
mod/lti/lang/en/lti.php
View File

@ -483,6 +483,7 @@ $string['show_in_course_lti2_help'] = 'This tool can be shown in the activity ch
$string['show_in_course_no'] = 'Do not show; use only when a matching tool URL is entered';
$string['show_in_course_preconfigured'] = 'Show as preconfigured tool when adding an external tool';
$string['size'] = 'Size parameters';
$string['opensslconfiginvalid'] = 'LTI 1.3 requires a valid openssl.cnf to be configured and available to your web server. Please contact the site administrator to configure and enable openssl for this site.';
$string['submission'] = 'Submission';
$string['submissions'] = 'Submissions';
$string['submissionsfor'] = 'Submissions for {$a}';

62
mod/lti/upgradelib.php Normal file
View File

@ -0,0 +1,62 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* This file contains functions used by upgrade and install.
*
* Because this is used during install it should not include additional files.
*
* @package mod_lti
* @copyright 2019 Damyon Wiese
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
defined('MOODLE_INTERNAL') || die();
/**
* This function checks if a private key has been generated for this site.
*
* If the key does not exist it generates a new one. If the openssl
* extension is not installed or configured properly it returns a warning message.
*
* @return string A warning message if a private key does not exist and cannot be generated.
*/
function mod_lti_verify_private_key() {
$key = get_config('privatekey', 'mod_lti');
// If we already generated a valid key, no need to check.
if (empty($key)) {
// Create the private key.
$kid = bin2hex(openssl_random_pseudo_bytes(10));
set_config('kid', $kid, 'mod_lti');
$config = array(
"digest_alg" => "sha256",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
);
$res = openssl_pkey_new($config);
openssl_pkey_export($res, $privatekey);
if (!empty($privatekey)) {
set_config('privatekey', $privatekey, 'mod_lti');
} else {
return get_string('opensslconfiginvalid', 'mod_lti');
}
}
return '';
}